1. Field of the Invention
The present invention relates to a security framework technique. More particularly, the present invention relates to processing context information in an environment requiring privacy and security protection.
2. Description of Related Art
Recently, robots have begun to be introduced into homes to operate home electric appliances, aid in child rearing, support the elderly, care for pets, perform surveillance, provide entertainment, and so on. Such robots for individual or home use can be called personal robots. Robots are also being introduced for office administration, information retrieval support, and other office work support.
Basically, these robots include: (1) various sensors, such as an image sensor, a sound sensor, and a contact sensor; (2) a manipulator for walking, holding, and the like; (3) a speech synthesis engine; and (4) an engine for performing character recognition, image recognition, or speech recognition based on the outputs of these sensors. For example, the image recognition engine includes an individual identification function using facial recognition.
It is preferred that the robot should also have the function of communicating with a personal computer or a server through radio communication.
If the robot sent the raw data acquired from its sensors to the personal computer or the server, the storage of the personal computer or the server would quickly be exhausted by the massive amount of data. Therefore, the robot performs preprocessing such as character recognition, image recognition, or speech recognition on the data detected by the sensors, contracts the data into compact context information indicating who was in what state, and sends the context information to the personal computer or the server. The robot then deletes the raw sensor data once the context information has been sent. The processing that contracts the sensor data into a context need not be performed solely by the robot's own components. Instead, the raw sensor data can first be sent to the personal computer or the server, which performs the contraction and stores the resulting context information. In that case as well, the raw sensor data can be deleted after the contraction processing is complete.
However, if the contracted context information continues to be recorded over a long period of time, like a life log, it will eventually become too large for the personal computer or the server. Therefore, the context information is sent to low-cost storage devices, such as cloud servers or network-attached disks, so that recording can continue.
However, since cloud servers and network-attached disks are not always secure, the robot encrypts the context information with a specific key and sends the encrypted context information to these storage devices, where it is recorded in encrypted form.
The image sensor of the robot may capture two or more persons at the same time, so that a single piece of context information relates to several persons. In such cases, if one wishes to delete the context information related to one specific person for privacy protection or confidentiality, it is difficult to dispose of only that person's portion of the context information.
Japanese Patent Application Publication No. 2008-269232 discloses an information processor equipped with a hard disk drive internally storing a cipher key that encrypts data and records the data on a disk, where upon receipt of an urgent message from a security server, a BIOS notifies the hard disk drive of a cipher key delete command. Upon receipt of the cipher key delete command, the hard disk drive deletes the cipher key.
Japanese Patent Application Publication No. 2009-225437 discloses a technique in which a data storage device uses a cipher key to encrypt incoming data automatically, without any command or control from the host system or from any other component outside the device, and outside the dedicated control of the host system or any such component. The encryption function is a built-in or self-contained function of the drive and/or its dedicated controller. To permanently delete the entire content of the drive, the cipher key is located and erased so that the stored ciphertext is rendered unusable. Disposable data is managed on a file basis through multiple internally generated file-specific cipher keys, which are managed with the aid of an internal key library.
Evans et al., "Context-Derived Pseudonyms for Protection of Privacy in Transport Middleware and Applications," PERCOMW '07 Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications Workshops, IEEE Computer Society, Washington, D.C., USA, pp. 1-6, 2007 (hereinafter "Evans") discloses a technique for the secure sharing of a private context between two users who have agreed to share it. In that technique, the context is made secret by using a message authentication code and is stored in an open repository.
Japanese Patent Application Publication No. 2008-269232 and Japanese Patent Application Publication No. 2009-225437 disclose that a cipher key is deleted in a specific situation. Further, Evans discloses that a context is made secret and is written onto a disk or the like.
However, even if these conventional techniques are combined, none of them discloses a technique for invalidating the context information of one specific user within a store of context information that may also relate to other users.